Hello,
I configured a PIX 506E (6.5.3) to connect via a site-to-site VPN to a remote network.
I can access the remote side using a single IP address (10.10.10.111).
This is my config:
....
access-list vpn permit ip 10.10.10.111 255.255.255.0 192.168.1.0 255.255.255.0
....
ip address outside (my-public-ip-address) 255.255.255.248
ip address inside 10.10.10.1 255.255.255.0
....
global (outside) 1 interface
nat (inside) 0 access-list vpn
nat (inside) 1 10.10.10.0 255.255.255.0 0 0
....
route outside 0.0.0.0 0.0.0.0 (my-gateway-ip)
....
sysopt connection permit-ipsec
....
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address vpn
crypto map vpnmap 10 set peer (remote-peer-ip)
crypto map vpnmap 10 set transform-set vpnternaset
crypto map vpnmap interface outside
isakmp enable outside
isakmp key ******** address (remote-peer-ip) netmask 255.255.255.255
I can access the remote network using a PC configured with the IP 10.10.10.111.
It works, but now I have to change the IPs of my LAN, using the range 172.16.1.0/24.
I would like to reconfigure my LAN, using the actual IP address (10.10.10.111) to access the remote network. Is this possible?
In my mind, I would like to NAT the traffic between my LAN (172.16.0.0/24) and the remote network (192.168.1.0/24) using the address 10.10.10.111. I don't know if this is possible. I googled a lot, but unsuccessfully (maybe I don't use the right keywords).
Any suggestion or link is much appreciated.
Have a nice day.
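One way the setup asked about above could look, as an added example that is not part of the original post: policy NAT (PAT) hides the renumbered LAN behind 10.10.10.111 for traffic to the remote network only, so the remote peer's configuration stays unchanged. It assumes a PIX software release that supports policy NAT (`nat` with an access list and a non-zero NAT ID), the LAN range 172.16.1.0/24, and an inside address of 172.16.1.1; the ACL name `vpn-pat` and NAT ID 2 are made up for illustration. Only the lines that differ from the posted configuration are shown, as the target state, with `:` comment lines added.

```cisco
: Inside interface renumbered (172.16.1.1 is an assumed address)
ip address inside 172.16.1.1 255.255.255.0

: Policy NAT match: new LAN range -> remote network (hypothetical ACL name)
access-list vpn-pat permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0

: Crypto ACL: matches the source address AFTER translation, because NAT is
: applied before the crypto map on the outside interface is evaluated
access-list vpn permit ip host 10.10.10.111 192.168.1.0 255.255.255.0

: Traffic matching vpn-pat is PATed to 10.10.10.111
nat (inside) 2 access-list vpn-pat
global (outside) 2 10.10.10.111

: All other traffic from the new LAN range is PATed to the outside interface
nat (inside) 1 172.16.1.0 255.255.255.0 0 0
global (outside) 1 interface

: The old exemption "nat (inside) 0 access-list vpn" is removed: tunnel
: traffic must now be translated, not exempted from NAT
crypto map vpnmap 10 match address vpn
```

Because 10.10.10.111 is a PAT address here, only connections initiated from the LAN side can use the tunnel; hosts in 192.168.1.0/24 cannot open connections to individual LAN machines through it.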